cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
57208
Views
1
Helpful
7
Replies

how to reset a ASA5505 withou the password

Bob Salomon
Level 1
Level 1

We just took on a new client and they do not have the username or password for their ASA 5505.  Unless anyone has any ideas, we need to reset to factory defaults. I have read some instructions online how to do this, but they require the password.  How do we do it without the password?

Bob            

7 Replies 7

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

Here is the guide to recovering lost password from Cisco

Basicly to my understanding it interrupts the normal ASA boot and lets the ASA boot without configuration. When the ASA has booted you will load the configuration to the ASA (as you have already accessed its CLI) and you change the AAA information to what you like and save the configuration.

Step 1 Connect to the adaptive security appliance console port according to the instructions in "Accessing the Command-Line Interface" section.

Step 2 Power off the adaptive security appliance, and then power it on.

Step 3 After startup, press the Escape key when you are prompted to enter ROMMON mode.

Step 4 To update the configuration register value, enter the following command:

rommon #1> confreg 0x41

Update Config Register (0x41) in NVRAM...

Step 5 To set the adaptive security appliance to ignore the startup configuration, enter the following command:

rommon #1> confreg

The adaptive security appliance displays the current configuration register value, and asks whether you want to change it:

Current Configuration Register: 0x00000041

Configuration Summary: 

  boot default image from Flash

  ignore system configuration

Do you wish to change this configuration? y/n [n]: y

Step 6 Record the current configuration register value, so you can restore it later.

Step 7 At the prompt, enter Y to change the value.

The adaptive security appliance prompts you for new values.

Step 8 Accept the default values for all settings. At the prompt, enter Y.

Step 9 Reload the adaptive security appliance by entering the following command:

rommon #2> boot

Launching BootLoader...

Boot configuration file contains 1 entry.

Loading disk0:/asa800-226-k8.bin... Booting...Loading...

The adaptive security appliance loads the default configuration instead of the startup configuration.

Step 10 Access the privileged EXEC mode by entering the following command:

hostname> enable

Step 11 When prompted for the password, press Enter.

The password is blank.

Step 12 Access the global configuration mode by entering the following command:

hostname# configure terminal

Step 13 Copy the running configuration to the startup configuration by entering the following command:

hostname(config)# copy running-config startup-config

Step 14 Change the passwords, as required, in the default configuration by entering the following commands:

hostname(config)# password password

hostname(config)# enable password password

hostname(config)# username name password password

Step 15 Load the default configuration by entering the following command:

hostname(config)# no config-register 

The default configuration register value is 0x1. For more information about the configuration register, see the Cisco Security Appliance Command Reference.

Step 16 Save the new passwords to the startup configuration by entering the following command:

hostname(config)# copy running-config startup-config

Dont know if its just me or should the Step 13 be the other way around. Copy startup to running? Wouldnt we otherwise be copying a blank configuration to the startup and therefore loose the old configuration completely? I guess I must have just understood it wrong myself.

- Jouni

This is great, it will save me lots of time trying to back figure the currect configuration. Will try next Friday

Thanks

Bob

During reboot, what do you get when you try interrupting boot sequence? It should give you an option to reset and loose all config.

The original thread is >5 years old. I think they probably figured it out by now. :)

How about now? haha

goran ljubic
Level 1
Level 1

i have a question. after reset password with this method, which configuration have asa5505? it's factory configuration or configuration before reset password? i forgot password i don't want to loose my configuration, i don't have backup.can i apply this method for reset password i my case?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: